I need to enable say 4 or 5 specific ports on my internal network but I do *NOT* want them available to the net. The ports in question are the LDAP / Samba ports which are used for authentication. We can assume that shorewall has the ports closed on all interfaces. I've found that if I specify them in the "Advanced" box, shorewall throws them open to the world, which is definitely unacceptable behaviour. My questions then are as follows:
1. Is there a way to specify origin on the Advanced line such that I could say that if a packet arrives for this port on this interface, then drop/reject whatever?
2. Alternatively, is there a way to write a simple iptables rule that supersedes all others and is preferably interface specific? What might the syntax for this be? I see no reason to spend a day or so studying iptables just to figure out how to write 1 line, if such were possible.
Jim C.
